[Dshield] DCOM VPN Question

Geoff Shively gshively at pivx.com
Wed Aug 13 20:11:02 GMT 2003


interesting, still no mention of port 593 (RPC-over-HTTP).

Am i missing something?

Cheers,

Geoff Shively, CHO
PivX Solutions, LLC

Are You Secure?
http://www.pivx.com

----- Original Message ----- 
From: <andy.n.willson at exxonmobil.com>
To: "General DShield Discussion List" <list at dshield.org>
Sent: Wednesday, August 13, 2003 12:48 PM
Subject: Re: [Dshield] DCOM VPN Question


>
> Some good info on ports...especially the 135 port - referred to as the
> "end-point mapper" which is required for basics like VPN and Exchange.
>
>
http://www.iss.net/security_center/advice/Exploits/Ports/groups/Microsoft/default.htm
>
>
>
>
> Andy
>
>
>
>
>                       "Darren Gasser"
>                       <kaos at earthlink.ne        To:      "General DShield
Discussion List" <list at dshield.org>
>                       t>                        cc:
>                       Sent by:                  Subject:       Re:
[Dshield] DCOM VPN Question
>                       list-bounces at dshie
>                       ld.org
>
>
>

>                       08/13/03 01:08 PM
>                       Please respond to
>                       General DShield
>                       Discussion List
>
>
>
>
>
> Jon R. Kibler wrote:
> > Greetings:
> >
> > I just had an interesting conversation with a network security person
> > that was having problems blocking the ports used by the DCOM worm.
> > They indicated that they had tried to block 135/TCP on their border
> > router, but clients running Microsoft VPN started complaining because
> > they could not connect.
> >
> > It appears that Microsoft VPN uses 135/TCP for RPC services used to
> > establish a VPN connections. Is anyone familiar with this issue? What
> > if anything is the solution to this problem? It is my understanding
> > that these clients have no choice but to use Microsoft VPN.
>
> I'm not sure what you mean by "Microsoft VPN, " as MS has built-in support
> for at least two entirely different VPN schemes (IPSec/L2TP and PPTP).
>
> Neither of these requires TCP port 135 to be open, however.  PPTP tunnels
> (the more common VPN type used with MS OSes) only require TCP port 1723
and
> IP protocol 47 (GRE).  IPsec has different requirements depending on your
> exact config, but I've never seen TCP 135 as one of them.
>
> -Darren
>
> _______________________________________________
> list mailing list
> list at dshield.org
> To change your subscription options (or unsubscribe), see:
> http://www.dshield.org/mailman/listinfo/list
>
>
>
>
> _______________________________________________
> list mailing list
> list at dshield.org
> To change your subscription options (or unsubscribe), see:
http://www.dshield.org/mailman/listinfo/list
>




More information about the list mailing list